Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sun, 07 Dec 2014 14:26:44 +0100
From: Dennis Schridde <devurandom@....net>
To: john-users@...ts.openwall.com
Cc: Albert Veli <albert.veli@...il.com>
Subject: Re: Partially known PGP key password

Hello!

I tried this again with the current Git version of JTR (from MagnumRipper, 
Bleeding Jumbo branch, as you suspected) and it seems to work. So thanks for 
the hint, Albert!

Generally: The status line works now, too. As does OpenMP (JTR utilises all 
cores). Thanks for fixing that. (Or maybe it was just broken on Debian 7…)

So there is only one issue: --format=gpg-opencl is currently unusable [1] on 
my system.

Best regargs,
Dennis

[1] https://bugs.freedesktop.org/show_bug.cgi?id=87071

Am Dienstag, 20. Mai 2014, 09:03:36 schrieb Albert Veli:
> I haven't tried it myself, but I read on the list a while ago there seems
> to be support for some kind of mask attack in one of the github variants
> (is it the magnumripper jumbo version?).
> 
> Something like john --mask='password?d' would try all combinations
> from password0 to password9. If this works, try ?l for lower case
> characters and ?u for upper case.
> 
> On Mon, May 19, 2014 at 7:10 AM, Dennis Schridde <devurandom@....net> wrote:
> > Hello everyone!
> > 
> > A friend of mine only remembers the beginning of his PGP key password
> > and needs to recover the rest. I suggested John and already converted
> > the key using gpg2john and created a john.local.conf similar to the
> > following:
> > 
> > [List.Rules:R]
> > Az~[a]
> > Az~[a][b]
> > Az~[a][b][c]
> > 
> > where a,b,c are possible characters of the password. Now I am running
> > John with a wordlist that contains only one line: The known first
> > characters.
> > 
> > My question is: Is this an efficient way to crack the password? (My
> > machine has two cores, but John compiled with OpenMP only uses one,
> > while I would assume the task to be easily parallelisable.)
> > 
> > When I talked to Magnum (actual question below [1]), he pointed out that
> > I might be using too many salts. Now Johns says "Loaded 2 password
> > hashes with 2 different salts (OpenPGP / GnuPG Secret Key [32/64])", so
> > I assume that two are not really too many, right? And it seems those
> > salts came from the PGP key itself, because the file gpg2john created
> > contains two lines, and I do not see any other resemblance of the
> > number "2" anywhere.
> > 
> > Best regards,
> > Dennis
> > 
> > [1]
> > 
> > > I read that I can make john output a status line by pressing <space>
> > > during runtime. I also read that I can execute john -status from
> > > another console and it will examine the john.rec file to print the
> > > status line there. However, neither method works on my system:
> > > 
> > > Pressing space just does nothing. Pressing q sometimes exits john
> > > immediately, but I cannot reproduce that now. Pressing ^C results in a
> > > line "Wait...", but nothing happens. Pressing ^C aborts the session
> > > immediately.
> > > 
> > > Executing john -status results in the message that the file john.rec
> > > does not exist.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.